Investors call on companies to review and report on implementation of policies on privacy, data security, and free expression

Asset managers filed shareholder proposals this week with AT&T Inc. and Verizon Communications calling on the companies to report on their commitments to protect customers’ privacy.

The AT&T proposal, filed by Zevin Asset Management, follows recent news reports that AT&T provided U.S. law enforcement agencies routine access to customer data through a sweeping program called Hemisphere. According to the reports, Hemisphere is a proprietary product that law enforcement agencies pay to access for data on customer call records dating back to 1987. In addition to accessing data, law enforcement officials also reportedly gained access to AT&T employees who served on law enforcement teams.

The proposal asks AT&T to report “on the consistency between AT&T's policies on privacy and civil rights and the Company's actions with respect to U.S. law enforcement investigations.” A copy of the full proposal, which will be considered by shareholders at AT&T’s upcoming annual meeting in the spring of 2017, can be found here.

“Customers expect AT&T to protect their privacy while obeying lawful requests from the police,” said Pat Miguel Tomaino, Associate Director of Socially Responsible Investing at Zevin Asset Management. “It is harder for customers to understand why AT&T would keep an enormous call database, sell access to it for upwards of $1 million per year and then force the cops to keep it secret. For investors, that’s what makes Hemisphere so risky – the perception that AT&T might be going beyond legal requirements and its own privacy policies.”

The shareholder proposal at Verizon, filed by Trillium Asset Management on behalf of the Park Foundation, comes on the heels of the company’s proposed acquisition of Yahoo. Subsequent to the company’s July announcement, Verizon learned of a data breach involving an estimated 500 million Yahoo accounts while Reuters reported that Yahoo had secretly built a custom software program to search all of its customers' incoming emails for specific information flagged by U.S. intelligence officials.

The proposal, which can be found here, notes that “Verizon has made several policy commitments regarding privacy, free expression and data security. However, it has not provided a significant account of how it implements those commitments.” The proposal calls on Verizon’s board to report on the company’s “progress toward implementing its various commitments pertaining to privacy, free expression and data security.”

“Verizon has a powerful network and it needs to match it with powerful privacy, free expression and data security protections," said Jonas D. Kron, Senior Vice President at Trillium Asset Management. “Investors, consumers, and policy makers are watching closely and there is little tolerance for missteps in this critically important area. Now is the time for Verizon to demonstrate unambiguously that its promises have meaning.”

“The gap between long-standing policy commitments, and actions by companies like Verizon and AT&T stands to erode the public and customer’s trust in an industry built upon it,” says Michael Connor, Executive Director of Open MIC, a nonprofit organization that works with shareholders in media and tech industries.

“Consumer trust is critical in the digital age, but unless senior management and boards of directors develop and enforce robust corporate policies and practices to protect the privacy of their users and customers, that trust will quickly erode,” said Connor. “AT&T and Verizon need to step up and provide a much greater level of transparency and accountability.”